Hundreds of millions of Broadcom-based cable modems at risk of remote hijacking, eggheads fear
https://www.theregister.co.uk/2020/01/10/broadcom_cable_haunt_vulnerability/
A vulnerability in Broadcom's cable modem firmware has left as many as 200 million home broadband gateways in Europe, and potentially more worldwide, at risk of remote hijackings.
Four Danish researchers have demonstrated how a miscreant could exploit the hole, CVE-2019-19494, the wild: essentially, a victim is tricked into opening a webpage or similar containing malicious JavaScript. This code subsequently connects to the web server built into the vulnerable modem on the local network. The script then alters the contents of the modem's processor registers, by overwriting the stack, to redirect execution to malware smuggled in with the request.